------------------------------------------------------------
revno: 1390
fixes bug: https://launchpad.net/bugs/1187201
committer: Mark Sapiro <m...@msapiro.net>
branch nick: 2.1
timestamp: Fri 2013-06-07 13:52:54 -0700
message:
  - It is no longer possible to add 'invalid' addresses to the ban_list
    and the *_these_nonmembers filters from the check boxes on the admindb
    interface.  (LP: #1187201)
modified:
  Mailman/Cgi/admindb.py
  NEWS


--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1

=== modified file 'Mailman/Cgi/admindb.py'
--- Mailman/Cgi/admindb.py	2013-04-03 22:23:53 +0000
+++ Mailman/Cgi/admindb.py	2013-06-07 20:52:54 +0000
@@ -710,6 +710,7 @@
 
 def process_form(mlist, doc, cgidata):
     senderactions = {}
+    badaddrs = []
     # Sender-centric actions
     for k in cgidata.keys():
         for prefix in ('senderaction-', 'senderpreserve-', 'senderforward-',
@@ -762,20 +763,27 @@
         # Now see if this sender should be added to one of the nonmember
         # sender filters.
         if actions.get('senderfilterp', 0):
+            # Check for an invalid sender address.
             try:
-                which = int(actions.get('senderfilter'))
-            except ValueError:
-                # Bogus form
-                which = 'ignore'
-            if which == mm_cfg.ACCEPT:
-                mlist.accept_these_nonmembers.append(sender)
-            elif which == mm_cfg.HOLD:
-                mlist.hold_these_nonmembers.append(sender)
-            elif which == mm_cfg.REJECT:
-                mlist.reject_these_nonmembers.append(sender)
-            elif which == mm_cfg.DISCARD:
-                mlist.discard_these_nonmembers.append(sender)
-            # Otherwise, it's a bogus form, so ignore it
+                Utils.ValidateEmail(sender)
+            except Errors.EmailAddressError:
+                # Don't check for dups.  Report it once for each checked box.
+                badaddrs.append(sender)
+            else:
+                try:
+                    which = int(actions.get('senderfilter'))
+                except ValueError:
+                    # Bogus form
+                    which = 'ignore'
+                if which == mm_cfg.ACCEPT:
+                    mlist.accept_these_nonmembers.append(sender)
+                elif which == mm_cfg.HOLD:
+                    mlist.hold_these_nonmembers.append(sender)
+                elif which == mm_cfg.REJECT:
+                    mlist.reject_these_nonmembers.append(sender)
+                elif which == mm_cfg.DISCARD:
+                    mlist.discard_these_nonmembers.append(sender)
+                # Otherwise, it's a bogus form, so ignore it
         # And now see if we're to clear the member's moderation flag.
         if actions.get('senderclearmodp', 0):
             try:
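Review bot: The re-indented inner `try` around `int(actions.get('senderfilter'))` still catches only `ValueError`, but `actions.get()` returns `None` when the key is missing and `int(None)` raises `TypeError`. A submission with `senderfilterp` set and no `senderfilter` value would therefore skip the "Bogus form" fallback and raise out of `process_form`. How `actions` is populated is outside this hunk, so the path may not be reachable from the normal form; if it is, `except (ValueError, TypeError):` covers it. The filter lists are also appended to without the `if sender not in ...` guard that the `ban_list` branch uses, so repeated submissions can store duplicates.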
@@ -785,8 +793,15 @@
                 pass
         # And should this address be banned?
         if actions.get('senderbanp', 0):
-            if sender not in mlist.ban_list:
-                mlist.ban_list.append(sender)
+            # Check for an invalid sender address.
+            try:
+                Utils.ValidateEmail(sender)
+            except Errors.EmailAddressError:
+                # Don't check for dups.  Report it once for each checked box.
+                badaddrs.append(sender)
+            else:
+                if sender not in mlist.ban_list:
+                    mlist.ban_list.append(sender)
     # Now, do message specific actions
     banaddrs = []
     erroraddrs = []
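Review bot: The `Utils.ValidateEmail(sender)` try/except under `senderbanp` is a copy of the block added under `senderfilterp` in the previous hunk, so the validity rule for admin-approved sender addresses now lives in two places that can drift apart. A small helper that validates and appends to `badaddrs` on failure would keep the rule in one place while preserving the once-per-checked-box reporting the comment describes. The per-sender loop begins outside this hunk, so where the helper belongs depends on code not shown here.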
@@ -836,6 +851,8 @@
         if cgidata.getvalue(bankey):
             sender = mlist.GetRecord(request_id)[1]
             if sender not in mlist.ban_list:
+                # We don't need to validate the sender.  An invalid address
+                # can't get here.
                 mlist.ban_list.append(sender)
         # Handle the request id
         try:
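Review bot: The added comment states that an invalid address cannot reach this `mlist.ban_list.append(sender)`, but nothing in the hunk enforces that. `sender` is read back from the stored request via `mlist.GetRecord(request_id)[1]`, so the guarantee depends on validation done elsewhere. The comment should name where that validation happens, for example `# Held-message senders are validated in <location>; see LP: #1187201`, so a later change to that path does not silently reopen this one. Since `ban_list` entries feed later matching, repeating the cheap `Utils.ValidateEmail(sender)` check here, as the two sender-centric branches do, would be reasonable defence in depth.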
@@ -854,7 +871,14 @@
     doc.AddItem(Header(2, _('Database Updated...')))
     if erroraddrs:
         for addr in erroraddrs:
+            addr = Utils.websafe(addr)
             doc.AddItem(`addr` + _(' is already a member') + '<br>')
     if banaddrs:
         for addr, patt in banaddrs:
+            addr = Utils.websafe(addr)
             doc.AddItem(_('%(addr)s is banned (matched: %(patt)s)') + '<br>')
+    if badaddrs:
+        for addr in badaddrs:
+            addr = Utils.websafe(addr)
+            doc.AddItem(`addr` + ': ' + _('Bad/Invalid email address') +
+                        '<br>')
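Review bot: In the `banaddrs` loop only `addr` is passed through `Utils.websafe()`; `patt` is still interpolated into `_('%(addr)s is banned (matched: %(patt)s)')` unescaped and written into the page with `doc.AddItem`. This assumes `_` fills the placeholders from the caller's locals, as the format string suggests. `patt` is a stored `ban_list` entry, and lists populated before this fix may already hold entries containing markup characters, so it should be escaped too with `patt = Utils.websafe(patt)` next to the `addr` line. The two loops that print `addr` in backticks escape before taking the repr, which is the right order.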

=== modified file 'NEWS'
--- NEWS	2013-05-31 02:29:33 +0000
+++ NEWS	2013-06-07 20:52:54 +0000
@@ -11,7 +11,7 @@
 
     - Setting digest_size_threshhold to zero now means no digests will be
       sent based on size instead of a digest being sent with every post.
-      (LP: 558274)
+      (LP: #558274)
 
     - There is a new mm_cfg.py setting SUBSCRIBE_FORM_SECRET which will put
       a dynamically generated, hidden hash in the listinfo subscribe form and
@@ -21,24 +21,24 @@
       submitted no later than FORM_LIFETIME nor no earlier than
       SUBSCRIBE_FORM_MIN_TIME after retrieval.  Note that enabling this will
       break any static subscribe forms on your site.  See the description in
-      Defaults.py for more info.  (LP: 1082746)
+      Defaults.py for more info.  (LP: #1082746)
 
     - add_members now has an option to add members with mail delivery disabled
-      by admin.  (LP: 1070574)
+      by admin.  (LP: #1070574)
 
     - IncomingRunner now logs rejected messages to the vette log.
-      (LP: 1068837)
+      (LP: #1068837)
 
     - The name of the mailmanctl master lock file is now congigurable via the
-      mm_cfg.py setting MASTER_LOCK_FILE.  (LP: 1082308)
+      mm_cfg.py setting MASTER_LOCK_FILE.  (LP: #1082308)
 
     - list_lists now has an option to list only lists with public archives.
-      (LP: 1082711)
+      (LP: #1082711)
 
   Contributed programs
 
     - A new import_majordomo_into_mailman.pl script has been contributed by
-      Geoff Mayes.  (LP: 1129742)
+      Geoff Mayes.  (LP: #1129742)
 
     - A new "sitemap" bash script has been contributed by Tomasz Chmielewski
       <man...@wpkg.org> to generate a sitemap.xml file of an installation's
@@ -50,10 +50,10 @@
       Mahyar Moghimi.
 
     - Fixed several misspelled or garbled string replacements in the Spanish
-      message catalog.  (LP: 1160138)
+      message catalog.  (LP: #1160138)
 
     - pt_BR message catalog has two new and an updated message per Hugo Koji
-      Kobayashi.  (LP: 1138578)
+      Kobayashi.  (LP: #1138578)
 
     - German message catalog has been updated per Ralf Hildebrandt.
 
@@ -61,38 +61,42 @@
 
   Bug Fixes and other patches
 
+    - It is no longer possible to add 'invalid' addresses to the ban_list
+      and the *_these_nonmembers filters from the check boxes on the admindb
+      interface.  (LP: #1187201)
+
     - Backported recognition for mail.ru DSNs and minor bug fixes from
       lp:flufl.bounce.  (LP: #1074592, LP: #1079249 and #1079254)
 
     - Defended against buggy web servers that don't include an empty
-      QUERY_STRING in the CGI environment.  (LP: 1160647)
+      QUERY_STRING in the CGI environment.  (LP: #1160647)
 
     - The Switchboard.finish() method now logs the text of the exception when
-      it fails to unlink/preserve a .bak file.  (LP: 1165589)
+      it fails to unlink/preserve a .bak file.  (LP: #1165589)
 
     - The pending (un)subscriptions waiting approval are now sorted by email
-      address in the admindb interface as intended.  (LP: 1164160)
+      address in the admindb interface as intended.  (LP: #1164160)
 
     - The subscribe log entry for a bin/add_members subscribe now identifies
-      bin/add_members as the source.  (LP: 1161642)
+      bin/add_members as the source.  (LP: #1161642)
 
     - Fixed a bug where the Subject: of the user notification of a
       bin/remove_members unsubscribe was not in the user's language.
-      (LP: 1161445)
+      (LP: #1161445)
 
     - Fixed a bug where BounceRunner could create and leave behind zero length
-      bounce-events files.  (LP: 1161610)
+      bounce-events files.  (LP: #1161610)
 
     - Added recognition for another Yahoo bounce format.  LP: #1157961
     - Changed configure's method for getting Python's include directory from
       distutils.sysconfig.get_config_var('CONFINCLUDEPY') to
-      distutils.sysconfig.get_python_inc().  (LP: 1098162)
+      distutils.sysconfig.get_python_inc().  (LP: #1098162)
 
-    - Added an Auto-Generated: header to password reminders.  (LP: 558240)
+    - Added an Auto-Generated: header to password reminders.  (LP: #558240)
 
     - Fixed a bug where non-ascii characters in the real name in a subscription
       request could throw a UnicodeEncodeError upon subscription approval and
-      perhaps in other situations too.  (LP: 1047100)
+      perhaps in other situations too.  (LP: #1047100)
 
     - The query fragments send_unsub_notifications_to_list_owner and
       send_unsub_ack_to_this_batch will now assume default values if not set
